Section 7.8. I m Having Trouble Connecting to an Existing Network


7.8. I'm Having Trouble Connecting to an Existing Network

Unfortunately, there are so many ways networks can go wrong that they're hard even to categorize, much less describe and solve. With the development of wireless networks, potential problems have multiplied.

When diagnosing network problems, the first thing to remember is that most problems are physical. If you rush to change your networking software when the problem is just a hub without power, you could make things worse. As wireless networks have their own physical and software issues, we discuss this issue separately at the end of this annoyance.

This annoyance assumes you're using TCP/IP networking, which is the standard on the Internet. Because Unix was developed concurrently with the foundations of the Internet, and Linux is in many ways a clone of Unix, Linux is built for TCP/IP.

Some companies use other networking protocols to promote security or for legacy reasons. Linux can support other networking protocols, such as AppleTalk and IPX/SPX. For more information, see the applicable HOWTOs at http://www.anders.com/projects/netatalk and http://www.tldp.org/HOWTO/IPX-HOWTO.html.


After you fix a network problem, you may need to revise a configuration file to keep the problem from happening again the next time you boot. Generally, most modern distributions store these configuration files in the /etc/sysconfig/network or similar directories. If you have trouble finding the right file, Red Hat/Fedora, SUSE, and Debian all have excellent GUI utilities that can help you configure basic network interfaces.

While this is a relatively long section, I still cover only a few of the basic networking issues. Unfortunately, a complete list of annoyances and solutions is beyond the scope of this book. For more information, start with the Networking HOWTO at http://www.tldp.org/HOWTO/Net-HOWTO.


7.8.1. Isolating the Problem

Chances are good that you already have a working LAN. But trouble is sure to happen from time to time. Cables can fray or become loose. Heat can cause network cards to work their way out of their slots. Power may cycle on your hub, switch, or router. And the first symptom you see may be network trouble on your Linux system.

In this section, I list potential problems to check step by step. As you gain experience, you may be able to isolate the problem more quickly.

7.8.1.1. Basic loopback connections

Check whether networking is operational by looking at the status of your loopback connections, one that doesn't depend at all on networking hardware. Output from the ifconfig command should list active network adapters. As long as network software is installed, you should see output at least from your loopback adapter, similar to:

 lo        Link encap:Local Loopback           inet addr:127.0.0.1  Mask:255.0.0.0           inet6 addr: ::1/128 Scope:Host           UP LOOPBACK RUNNING  MTU:16436  Metric:1           RX packets:533496 errors:0 dropped:0 overruns:0 frame:0           TX packets:533496 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:0           RX bytes:75134145 (71.6 MiB)  TX bytes:75134145 (71.6 MiB) 

If you don't see a loopback interface, it may be down. You can try to activate it with the following command:

 /sbin/ifconfig lo up 

You should also be able to verify the loopback interface with the following command:

 ping 127.0.0.1 

Now try the ifconfig command again. If this doesn't work, the problems are deeper than I can address in this annoyance.

7.8.1.2. Checking network interfaces

Assuming you have network adapters on your system, you should also see their output from ifconfig. If you don't, try activating the associated interfaces. Assuming they're Ethernet or wireless adapters, try the following commands:

 /sbin/ifconfig eth0 up /sbin/ifconfig wlan0 up 

Then run ifconfig again. You should see output such as:

 eth0      Link encap:Ethernet  HWaddr 00:0D:9D:86:36:A0           inet6 addr: fe80::20d:9dff:fe86:36a0/64 Scope:Link           UP BROADCAST MULTICAST  MTU:1500  Metric:1           RX packets:0 errors:0 dropped:0 overruns:0 frame:0           TX packets:297 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           RX bytes:0 (0.0 b)  TX bytes:99454 (97.1 KiB)           Interrupt:10 Base address:0xe000 

If you still don't see your network cards, you may have a physical problem with the card or connection; read ahead for more information. But assuming you're on an IPv4 network, there's still a problem. You need an IPv4 network address.

An IPv6 address is shown in the settings associated with a network card. This is a manufacturer-assigned address, which is probably not suitable even if you're configuring an IPv6 network. If you use IPv6, you probably derive addresses from a hierarchy of authorities, as with IPv4.


If there's a DHCP server for your network, check it with your DHCP client command. Different distributions use client commands such as dhcpcd, dhclient, and pump to ask for an address from that server. If you have multiple interfaces, you should specify one; for instance, the following command asks for DHCP service for the Ethernet card on my computer:

 dhclient eth0 

Ideally, you'll now see something similar to the following IPv4 address information in the output to ifconfig:

   inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0 

Now you can test the connection between your computer and the network card. In this case, you can do so with the following command:

 ping 192.168.0.11 

You'll need to stop the output by pressing Ctrl-C. Alternatively, you could use the -c 4 switch to limit the output to four pings, i.e.:

 ping -c 4 192.168.0.11 

7.8.1.3. Checking connectivity

Now you can check connectivity to the rest of the network. The first step is to check the connectivity to a neighboring computer. If you're a Linux administrator for the network, you should be able to find these addresses through /etc/hosts or a local DNS computer IP address in /etc/resolv.conf.

If you don't know how to determine what IP addresses are on your network, refer to the IP Sub-Networking mini-HOWTO at http://www.tldp.org/HOWTO/IP-Subnetworking.html.


For example, the following command verifies connectivity to my Internet gateway router:

 ping 192.168.0.1 

Next, you can check connectivity to your network's IP address on the Internet. It's available through the other network interface on your gateway computer or router. If the gateway is a Linux or Unix system, you can find the interface's address with an ifconfig command on that computer. If it's another operating system, consult appropriate documentation.

For example, if the Internet address on my network gateway is 11.12.13.14, I'd try:

 ping 11.12.13.14 

Now, unless you know a specific IP address on the Internet, that's as far as you can go with just IP addresses.

7.8.1.4. Checking names on your LAN

As we don't normally connect to the Internet with IP addresses in our browsers, we also need to check connectivity through computer names. If you've configured static IP addresses, you should be able to find the computer names on your network in /etc/hosts. Alternatively, if you have a DNS server for your network, you should be able to find the list with the appropriate host command. For example, if you use example.com as your private network domain, you'd run:

 host -l example.com 

The host -la command may be required for later versions of DNS.

Popular domain names for private LANs include example.com, example.net, and example.org. Per the Internet society's RFC 2606, these domain names can't be used on the Internet and are reserved for testing and documentation.


I had previously configured example.com on my network; one of the results was enterprise3d.example.com, which I could then ping from another computer on my network.

 ping -c 4 enterprise3d.example.com 

7.8.1.5. Checking names on the Internet

If you're connected to the Internet, you can check name connectivity in a wider setting. Run the ping command to your favorite web site:

 % ping -c 1 www.oreilly.com PING www.oreilly.com (208.201.239.36) 56(84) bytes of data. 64 bytes from www.oreillynet.com (208.201.239.36): icmp_seq=1 ttl=45 time=40.1 ms 

This response verifies that the DNS servers that you use for Internet addresses are working properly. If you have a problem here, you should check your connection to your ISP's DNS servers. If your gateway computer runs on Linux, you'll find it in that computer's /etc/resolv.conf.

Alternatively, your computer gateway may not know where to route requests. The following shows that your system knows where to route request to two internal networks. But if the IP address is associated with a different network, your system doesn't know where to route the request:

 % netstat -r Kernel IP routing table Destination  Gateway      Genmask       Flags MSS Window  irtt Iface 192.168.0.0  *            255.255.255.0 U       0 0          0 eth1 192.168.1.0  *            255.255.255.0 U       0 0          0 eth0 

What you need is a default route, which applies to IP addresses not otherwise specified. Assuming your network is connected to the Internet and the interface on the gateway that receives data from your system is 192.168.0.1, this command should solve your routing problem:

 % route add default gw 192.168.0.1 

And the next time you run netstat -r, you'll see the following output.

 default      192.168.0.1  0.0.0.0       UG      0 0          0 eth1 

The 0.0.0.0 in the output refers to the network mask; it means that all addresses go through 192.168.0.1. Sometimes, the output also lists default as the destination address in place of 0.0.0.0; the two are synonymous when it comes to IPv4 addressing. In some cases, you may even see the fully qualified domain name (FQDN) of the gateway.

7.8.1.6. Firewalls

When you're able to connect to other computers on your LAN but not to an external network such as the Internet, you may have a firewall that is too restrictive. For example, the firewall could allow you to ping web sites on the Internet but not connect to those sites using TCP to get a web page.

In many cases, the only computer configured with a firewall is the gateway computer or router between your network and an external network, such as the Internet.

On the gateway computer, if you trust internal users (a big if), you may disable firewalls on the network card associated with the internal LAN. Unless you're working in a location such as an Internet café, crackers normally come from outside the network.

You might want to create defenses within your network as well. For example, you might configure outgoing email servers to stop internal users from sending out an excessive number of emails, which might qualify as spam. Or you might want to create firewalls within your network to further protect critical areas within your enterprise from external and internal users.

If your company wants you to block access to certain sites on the Internet, one alternative is a proxy server. For more information on the Squid proxy server, see Squid: The Definitive Guide by Duane Wessels (O'Reilly).


If you need a firewall to regulate traffic within your LAN, you'll probably need a number of open ports to support services such as Samba, NFS, and SSH. All these open ports are difficult to configure, complex to maintain, and make internal firewalls less valuable.

Because many Linux distributions configure a firewall by default, that may prevent some types of network communication within your LAN. To check the operation of, and then disable, an iptables firewall, run the following commands:

 iptables -L iptables -F 

The first command lists all rules currently being used to filter traffic, and the second flushes the rules so no filtering is done.

To make sure Linux doesn't reactivate the firewall the next time you reboot, you'll need to disable or delete the appropriate command file in the /etc/sysconfig directory. The file varies by distribution. SUSE encourages users to disable firewalls using YaST.

A detailed discussion of firewalls is beyond the scope of this book. For more information on firewalls, see Linux iptables Pocket Reference by Gregor Purdy (O'Reilly).

7.8.2. Physical Network Troubleshooting

Loose cables, problematic network cards, andgiven that so many of us now run wireless networksthe presence of too many walls between a wireless card and an access point are the most common reasons network connections fail. I assume that you already understand the basic functionality of network hardware; I summarize the components in Table 7-2.

Table 7-2. Network components

Component

Potential physical problem

Network Interface Card (NIC)

Not seated in the motherboard slot or PCMCIA socket. Check lights to confirm connectivity.

Wireless NIC

Too distant from access point; too many walls blocking signal; interference from devices in similar frequenciese.g., handheld telephones.

Cable

Wrong cable type, such as the incorrect use of a crossover cable between a PC and a hub. Severe bends can affect performance.

Hub/Switch/Router

Lack of power. Check lights to confirm connectivity. Make sure lights are active for all connections.

Gateway/Router

Lack of power. Check lights to confirm connectivity. Requires at least two NICs on the computer gateway.


When there is a solid connection between a Network Interface Card (NIC) or Hub/Switch/Router and a cable, you should see lights on each component. Generally, a solid light means you have power or connectivity; a blinking light is a sign of network activity.

7.8.3. Troubleshooting Network Services

If you've verified your physical network connections and still have problems, check your network services. Because some of these services are associated with other annoyances, this discussion is limited to general principles.

  • Make sure the service is active. You can test it by starting the associated script from /etc/init.d. Once you find the service is operational, make sure the service starts in appropriate runlevels the next time you boot Linux.

  • Unless you need to secure your systems from inside attack, deactivate firewalls on computers internal to your LAN.

  • Check the appropriate configuration file for your service. You must list each directory in the configuration file (or use the generic terms homes and printers in Samba) in order for others to access it over the network.

  • See if you can access the shared network directory on the local computer. If you can't get to a shared directory locally, you probably can't get to it from other computers on your LAN.

7.8.4. Wireless Network Issues

The advance of wireless networks led to additional annoyances. We've briefly addressed interference with other wireless devices. Worst of all, an unsecured wireless network makes it easy for outsiders to break in. In general, we assume that you're configuring a connection to an access point, such as a gateway router. However, it's also possible to connect wirelessly to a peer, such as a wireless card attached to a different computer.

This section contains just a brief overview of what you can do to avoid wireless annoyances. An excellent option for more in-depth coverage is Linux Unwired by Roger Weeks et al. (O'Reilly).


As described in "My Wireless Card Works on Another Operating System, but Not Linux" in Chapter 5, a working wireless NIC will show up in the output to ifconfig -a.

To manage a wireless network on Linux, you need the commands associated with the wireless-tools package. (At least, that's the name of the package on Red Hat/Fedora, SUSE, and Debian.)

If your wireless card fits into a PCMCIA slot, you'll also need separate configuration files in the /etc/pcmcia directory. The package that installs these files varies by distribution and by major kernel version. Table 7-3 lists some sample names under which you can find the package.

Table 7-3. Wireless package

Distribution

Major kernel version

Package

Debian

2.4/2.6

pcmcia-cs

SUSE (older versions)

2.4

kernel-pcmcia-cs

SUSE 9.X/10.x

2.6

pcmcia

Red Hat Enterprise Linux 3

2.4

kernel-pcmcia-cs

Fedora Core 3/4, Red Hat Enterprise Linux 4

2.6

pcmcia-cs


These configuration files may not work with special wireless tools or drivers installed from third-party sources such as Linuxant (http://www.linuxant.com) or SourceForge (http://sf.net), which we discussed in more detail in Chapter 5.

Once you have the right packages installed, you can configure your wireless card from the command-line interface. The key commands are iwconfig, iwevent, iwgetid, and iwlist. Once your wireless network operates to your satisfaction, you'll need to modify the appropriate configuration files with your desired settings. The commands are described in the following subsections.

7.8.4.1. iwevent

The iwevent command can help you monitor the wireless network. You can run this command in the background:

 iwevent & 

Once started, the command can help you monitor major changes to your wireless network, such as hardware, speeds, and more. Even while being run in the background, the output goes to the command console.

7.8.4.2. iwgetid

The iwgetid command identifies the name of the wireless network to which you're connected. For example, I might see the following output, which reflects the ESSID of my wireless network:

 wlan0:     ESSID:"randynancy" 

If this isn't the network you want, you can do something about it with the iwlist and iwconfig commands.

7.8.4.3. iwlist

The iwlist command is powerful. It can help you scan available networks, manage transmission power, check available communication channels, list access points, and more. You can run it in the following format:

 iwlist [device] option 

Generally, it's more efficient to specify the network device when you run this command. For example, if your wireless interface is wlan0, and you want to scan available wireless network ESSIDs, run the following command:

 iwlist wlan0 scanning 

Key information from this output includes the frequency (channel), ESSIDs, available bit rates, signal strengths, and access modes.

Other key iwlist command options are listed in Table 7-4. In several cases, there are two options, such as rate and bit rate, that produce the same result.

Table 7-4. iwlist command options

Option

Description

scanning

Scans for available access points, returning the ESSIDs, transmission frequencies, bit rates (from the access points), signal strengths, and access modes

frequency channel

Lists available channels and their corresponding reception frequencies available to your network card

bitrate rate

Lists available bit rates for your network card

encryption key

Lists encryption keys for your network card

power

Specifies the power-management modes for your network card

txpower

Reports the transmission power from your network card

ap accesspoints

Reports detected access points

peers

Lists detected access points and configured peers


7.8.4.4. iwconfig

In the same way you can configure a regular network card with the ifconfig command, you can configure a wireless network card with the iwconfig command: you can change access points, set bit rates, adjust transmission power, and more. Just remember that, once you've verified that your changes work, you'll need to revise the applicable configuration files or scripts for your wireless device so they take effect each time the system boots.

Running iwconfig without options returns the wireless characteristics of each wireless network device:

 wlan0  IEEE 802.11-DS  ESSID:"randynancy"  Nickname:"unknown"       Mode:Managed  Frequency:2.412 GHz  Access Point: 00:09:5B:FA:BB:76       Bit Rate=5.5 Mb/s   Tx-Power=20 dBm       RTS thr:off   Fragment thr:off       Encryption key:off       Power Management:off       Link Quality=38/100  Signal level=-62 dBm  Noise level=-154 dBm       Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0       Tx excessive retries:0  Invalid misc:0   Missed beacon:0 

When you specify the wireless device, you can change its configuration. For example, you may be able to connect to more than one wireless network:

 # iwlist wlan0 scanning | grep ESSID ESSID:"randynancy" ESSID:"default" 

You might have trouble connecting to your preferred network. In my case, I want to make sure that I connect to my home network (instead of my neighbor's network). Thus, I specify the network to which I connect as follows:

 # iwconfig wlan0 essid randynancy 

There are a number of other wireless characteristics that you can configure with the iwconfig command. Using the format shown in the previous example, you can change the settings described in Table 7-5.

Table 7-5. iwconfig options

Option

Function

essid

Sets the wireless network to which your device connects.

channel

Specifies the channel where your wireless card communicates. It's best if it matches the transmission channel configured at your access point.

mode

Changes the operating mode to either centralized communication with an access point or ad hoc communication with other wireless peers; options include:

  • Ad-Hoc if there's no access point

  • Managed with access points

  • Master if this network card is the access point

  • Repeater for forwarding from access points

  • Secondary as a backup Repeater

  • Monitor if the card receives only dataxs

ap

Defines a specific access point.

rate

Specifies a communication rate in bits per second.

key

Sets an encryption key.

txpower

Specifies the transmission power.




Linux Annoyances for Geeks
Linux Annoyances for Geeks: Getting the Most Flexible System in the World Just the Way You Want It
ISBN: 0596008015
EAN: 2147483647
Year: 2004
Pages: 144
Authors: Michael Jang

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net